Non-zero Inner Product Encryption with Short Ciphertexts and Private Keys

Chen, Jie; Libert, Benôıt; Ramanna, Somindu C.

doi:10.1007/978-3-319-44618-9_2

Cited by 10 publications

(4 citation statements)

References 41 publications

(60 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Attrapadung and Libert [14] proposed an a non-zero inner-product encryption (NIPE) scheme with constant size ciphertexts and a generalized NIPE scheme for IBR. Recently, Chen et al [23] proposed improved NIPE schemes with short ciphertexts and short keys. However, all IBR schemes directly derived from NIPE schemes have limitations that the maximum number of revoked users in ciphertexts is bounded.…”

Section: B Related Workmentioning

confidence: 99%

Identity-Based Revocation From Subset Difference Methods Under Simple Assumptions

Lee

Park

2019

IEEE Access

View full text Add to dashboard Cite

Identity-based revocation (IBR) is a specific kind of broadcast encryption that can effectively send ciphertext to a set of receivers. In IBR, a ciphertext is associated with a set of revoked users instead of a set of receivers and the maximum number of users in the system can be an exponential value in the security parameter. In this paper, we reconsider the general method of Lee et al. (ESORICS 2014) that constructs a public-key revocation (PKR) scheme by combining the subset difference (SD) method of Naor, Naor, and Lotspiech (CRYPTO 2001) and a single revocation encryption (SRE) scheme. Lee et al. left it as an open problem to construct an SRE scheme under the standard assumption without random oracles. In this paper, we first propose a selectively secure SRE scheme under the standard assumption without random oracles. We also propose a fully secure SRE scheme under simple static assumptions without random oracles. Next, we present an efficient IBR scheme that supports fast decryption by combining the SD method and our SRE scheme. The security of our IBR scheme depends on that of the underlying SRE scheme. Finally, we implemented our SRE and IBR schemes and measured the performance.

show abstract

Section: B Related Workmentioning

confidence: 99%

Identity-Based Revocation From Subset Difference Methods Under Simple Assumptions

Lee

Park

2019

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Boneh and Hamburg [15] obtained a system with O(1)-size ciphertexts and O(n)-size keys. Using the Déja Q technique, Chen et al [21] described an identity-based revocation mechanism [41] with short ciphertexts and private keys under constantsize assumptions. The aforementioned constructions were all only proven secure against selective adversaries.…”

Section: Related Workmentioning

confidence: 99%

Compact IBBE and Fuzzy IBE from Simple Assumptions

Gong

Libert

Ramanna

2018

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. We propose new constructions for identity-based broadcast encryption (IBBE) and fuzzy identity-based encryption (FIBE) in bilinear groups of composite order. Our starting point is the IBBE scheme of Delerablée (Asiacrypt 2007) and the FIBE scheme of Herranz et al. (PKC 2010) proven secure under parameterised assumptions called generalised decisional bilinear Diffie-Hellman (GDDHE) and augmented multi-sequence of exponents Diffie-Hellman (aMSE-DDH) respectively. The two schemes are described in the prime-order pairing group. We transform the schemes into the setting of (symmetric) composite-order groups and prove security from two static assumptions (subgroup decision). The Déjà Q framework of Chase et al. (Asiacrypt 2016) is known to cover a large class of parameterised assumptions (dubbedüber assumption), that is, these assumptions, when defined in asymmetric composite-order groups, are implied by subgroup decision assumptions in the underlying compositeorder groups. We argue that the GDDHE and aMSE-DDH assumptions are not covered by the Déjà Qüber assumption framework. We therefore work out direct security reductions for the two schemes based on subgroup decision assumptions. Furthermore, our proofs involve novel extensions of Déjà Q techniques of Wee (TCC 2016-A) and Chase et al. Our constructions have constant-size ciphertexts. The IBBE has constant-size keys as well and guarantees stronger security as compared to Delerablée's IBBE, thus making it the first compact IBBE known to be selectively secure without random oracles under simple assumptions. The fuzzy IBE scheme is the first to simultaneously feature constant-size ciphertexts and security under standard assumptions.

show abstract

“…Such a revocation mechanism was considered in the settings of IBE and ABE by Qin et al [89] and Cui et al [31], respectively. Under direct revocation model, Lewko et al [57] proposed an identity-based revocation system with very small private keys, i.e., of size independent from N and r. Chen et al [27] gave a generic construction from non-zero inner-products PE to identity-based revocation system, where both private keys and ciphertexts have constant sizes but the size of public parameters is linear in N . Beyond the IBE setting, Attrapadung and Imai [10] considered ABE supporting direct revocation mechanism and Nieto et al [78] further extended it to the PE setting.…”

Section: Contributions Of the Thesismentioning

confidence: 99%

“…They made use of a "two-equation" technique to obtain this efficiency. Second, Chen et al [27] gave a generic construction from non-zero inner-products PE to identity-based revocation system, where both private keys and ciphertexts have constant sizes but the size of public parameters is linear in the number of users. They also put forward a pairing-based non-zero inner-products PE scheme.…”

Section: Conclusion and Open Problemsmentioning

confidence: 99%

Revocable cryptosystems from lattices

Zhang¹

View full text Add to dashboard Cite

In the last decade, lattices have become one of the most powerful tools in constructing cryptographic schemes, which enjoy conjectured resistance against quantum computers and strong security guarantees from worst-case to average-case reductions, as well as asymptotic efficiency. For a multiuser cryptosystem, user revocation has been a necessary but challenging problem. However, all known revocable schemes are either based on number-theoretic assumptions or lattice-based but less efficient compared to the art-of-date systems. In this thesis, we focus on investigating user revocation model and the associated lattice-based instantiations. Our constructions have two goals: (i) to improve the existing revocable lattice-based cryptosystems in terms of efficiency and security; (ii) to consider the revocation functionality in new contexts from lattices. For the former, we carefully adapt the very recent revocation model into the lattice setting. The latter can be achieved either by using the existing revocation models (without concrete constructions from lattices) or by proposing new revocation models. We construct a series of cryptosystems supporting efficient revocations as follows.-A revocable identity-based encryption (IBE) scheme, which is more efficient than all existing such schemes from lattices. We follow the architecture of the server-aided revocable encryptions, proposed by Qin et al. (ESORICS 2015). This paradigm provides significant efficiency advantages over previous revocation techniques in the setting of IBE. In the server-aided revocation model, most of the workloads on the user side are outsourced to an untrusted server, which can be untrusted since it does not possess any private information. With the help of this server, non-revoked users do not need to update anything when the system revokes other users. We equip Agrawal, Boneh, and Boyen's IBE (EUROCRYPT 2010) with the server-aided revocation method. In the technical view, we observe that a "double encryption" mechanism is well-suited in such a server-aided system. We also show that our scheme is provably secure provided with the strong hardness of the Learning With Errors (LWE) problem.-A revocation model called server-aided revocable predicate encryption (SR-PE) and an instantiation from lattices. We consider the server-aided revocation mechanism in the predicate encryption (PE) setting and formalize the notion of SR-PE with rigorous definitions and security model. Moreover, we introduce a construction of SR-PE for the scheme introduced by Agrawal, Freeman, and Vaikuntanathan (ASIACRYPT 2011) and prove that our scheme is selectively secure in the standard model. The correctness of our scheme relies on a special property of lattice-based encryption schemes.-A lattice-based construction of predicate encryption following the direct revocation mechanism. In such a mechanism, it forces the ciphertexts to carry on the revocation information. Nieto, Manulis, and Sun (ACISP 2012) considered direct revocations in the PE setting and suggested the notion of...

show abstract

Non-zero Inner Product Encryption with Short Ciphertexts and Private Keys

Cited by 10 publications

References 41 publications

Identity-Based Revocation From Subset Difference Methods Under Simple Assumptions

Identity-Based Revocation From Subset Difference Methods Under Simple Assumptions

Compact IBBE and Fuzzy IBE from Simple Assumptions

Revocable cryptosystems from lattices

Contact Info

Product

Resources

About